It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution.

Loïc Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. (CVE-2009-1573)

It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)

It was discovered that the Safe.pm module as used by PostgreSQL did not properly restrict PL/perl procedures. If PostgreSQL was configured to use Perl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Perl code. (CVE-2010-1169)

The SNMP server did not correctly validate certain UDP clients when using TCP wrappers. Under some situations, a remote attacker could bypass access restrictions and communicate with the SNMP server, potentially leading to a loss of privacy or a denial of service.

It was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. A local attacker could exploit this to cause a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271)